referer-whitelist
Allow access based on the HTTP "Referer" request header. Commonly used to enforce that the client is a browser that supports RFC 2616 Section 14.36 and that the containing HTML page is served from a domain that is trusted by the content owner.
Note that for secure (HTTPS) requests the browser may not send a Referer header. As a safeguard, it is best to configure a false match for "url-scheme" with a value of "HTTPS" as shown in this example.
The behavior uses a wildcard syntax to allow blocking based on patterns. Examples include:
- *.somegooddomain.com*
- *.somegooddomain.com/this/path/is/allowed*
See referer-blacklist above for additional examples and considerations related to the "value" attribute.
{
"rules": [
{
"matches": [
{
"name": "url-scheme",
"value": "HTTPS",
"negated": true
}
],
"behaviors": [
{
"name": "referer-whitelist",
"value": "*www.mysiste.com* *www.myothersite.com*"
}
]
}
]
}